Certified Ethical Hacker (CEH v11) — Question 240

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Answer options

• A. ACK flag probe scanning
• B. ICMP Echo scanning
• C. SYN/FIN scanning using IP fragments
• D. IPID scanning

Correct answer: C

Explanation

The correct answer is C, as SYN/FIN scanning using IP fragments effectively obscures the TCP header by splitting it into smaller packets, making it challenging for packet filters to identify the transmission's intent. Options A and B do not involve fragmentation and are less effective for evasion, while D, IPID scanning, is a different technique that does not utilize TCP header fragmentation.